Compliance Library Blog Product Sign In
EU-DORA-42-06 Risk Management 42 — Follow-up by competent authorities

Take risks into account when managing ICT third-party risk

Description

Financial entities shall take into account the risks identified in recommendations when managing ICT third-party risk.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

EU-DORA-42-01 Transparency

Notify Lead Overseer of recommendation compliance intention within 60 days
EU-DORA-42-02 Transparency

Transmit critical ICT provider responses to competent authorities
EU-DORA-42-03 Transparency

Publicly disclose non-compliance by critical ICT providers
EU-DORA-42-04 Transparency

Notify ICT provider of public disclosure
EU-DORA-42-05 Transparency

Inform financial entities of identified risks in recommendations
EU-DORA-42-07 Transparency

Notify financial entity of potential suspension decision
EU-DORA-42-08 Requirement

Consider suspension or termination of ICT provider arrangements
EU-DORA-42-09 Monitoring

Issue non-binding opinions to promote supervisory consistency
EU-DORA-42-10 Requirement

Apply specified criteria when making suspension decisions
EU-DORA-42-11 Requirement

Grant financial entities adjustment period for contractual arrangements

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started